authorBrian Duddie <bduddie@google.com>2022-08-25 18:54:13 +0000
committerBrian Duddie <bduddie@google.com>2022-08-27 01:17:22 +0000
commit83dde25b609e524ba3560b2cc2b6da01ebb26dd4 (patch)
treef7230bfa93942058182cbbe053699004a374ba95
parent2c23a2ee8f19f3a73ddbaddfb91566488e55e73c (diff)
Fix double-close on direct channel registration
In the AIDL sensor HAL wrapper, file descriptors associated with a direct channel were being wrapped in the AIDL NativeHandle type using makeToAidl(), which ends up taking ownership of the fds, and unintentionally closing them when the object goes out of scope (via ndk::ScopedFileDescriptor), so the same fds would be closed at a later point when the original native_handle_t is closed. Switch to dupToAidl() which does not take ownership of the input file handles. Bug: 234456046 Test: apply fdsan protection (in different CL), confirm via test-sensorservice that the file descriptor is not closed twice Change-Id: I51c0ba0f31b43c56bf055d186a599b289ca0065f
-rw-r--r--services/sensorservice/AidlSensorHalWrapper.cpp2
1 files changed, 1 insertions, 1 deletions
diff --git a/services/sensorservice/AidlSensorHalWrapper.cpp b/services/sensorservice/AidlSensorHalWrapper.cpp
index 4d1de96caa..f67c610550 100644
--- a/services/sensorservice/AidlSensorHalWrapper.cpp
+++ b/services/sensorservice/AidlSensorHalWrapper.cpp
@@ -726,7 +726,7 @@ status_t AidlSensorHalWrapper::registerDirectChannel(const sensors_direct_mem_t
.type = type,
.format = format,
.size = static_cast<int32_t>(memory->size),
- .memoryHandle = makeToAidl(memory->handle),
+ .memoryHandle = dupToAidl(memory->handle),
};
return convertToStatus(mSensors->registerDirectChannel(mem, channelHandle));
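Review bot: The `.memoryHandle = dupToAidl(memory->handle),` line should carry a comment recording the ownership rule, because the difference between makeToAidl and dupToAidl is not visible at the call site and a later cleanup could swap it back and reintroduce the double close. Something like `// dup, not make: memory->handle stays owned by the caller; the AIDL handle closes only its own copies` would do. It may also be worth confirming how a failed dup() surfaces here (for example under fd exhaustion), since nothing in the visible lines checks the duplicated handle before it is passed to `mSensors->registerDirectChannel`. The body of registerDirectChannel starts and ends outside this hunk.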